Special offers now — see discounted courses.
day
:
hour
:
min
:
sec
See special offers
Penetration Testing Web Apps with Kali and Burp Suite

Penetration Testing Web Apps with Kali and Burp Suite

1h 55mAdvanced2022-09-29

Authors

Malcolm Shore

Malcolm Shore

Cybersecurity Expert, Former Director of GCSB

Course details

Websites are one of the most vulnerable pieces of information technology, since their contents are exposed to access from the internet. By understanding how attackers locate and exploit these vulnerabilities, you can help build more secure websites and protect web applications. This course shows you how to perform advanced web testing using the tools available in Kali, the professional pen testing framework. After a brief refresher on web testing, instructor Malcolm Shore introduces some new tools for enumerating and exploiting websites. Malcom teaches you how to spider a website using Burp Suite and check for vulnerable pages, how to find hidden pages on a website, and shows how the common web technologies such as PHP, Nodejs, and ASP can be exploited. He also explains how to integrate Burp Suite and sqlmap to enable deep testing of a web site for hidden access vectors, as well as using tools like Cadaver and Jhead which attackers use to upload malware.

Skills covered

Penetration TestingCybersecurityDeep Dive (X:Y)

Concepts

0. Introduction

  • 01 - Protecting your websites
  • 02 - What you should know before watching this course
  • 03 - Disclaimer

1. Setting Up

  • 04 - Preparing the test environment
  • 05 - Setting up WordPress
  • 06 - Setting up Joomla
  • 07 - Online testing sites

2. Refresher

  • 08 - A refresher on web technology
  • 09 - Refreshing your basic web testing skills
  • 10 - A refresher on website shell implants

3. Advanced Website Enumeration

  • 11 - Busting open a website
  • 12 - Identifying virtual websites
  • 13 - More ways to find web pages

4. Finding Vulnerabilities

  • 14 - Vulnerability scanning with Burp Suite
  • 15 - Using sqlmap to validate SQL injections

5. Attacking the Website

  • 16 - Exploiting your way into the gym
  • 17 - Exploiting through an ASPX shell with Cadaver
  • 18 - Checking web page source
  • 19 - Injecting HTML into a web page
  • 20 - Exploiting tools left on websites
  • 21 - Injecting SQL using Burp Suite
  • 22 - Exploiting Node.js
  • 23 - Injecting XML into a web page
  • 24 - File access through a web application URL

6. Content Management

  • 25 - Understanding CMS targets
  • 26 - Getting into WordPress
  • 27 - Shelling through WordPress
  • 28 - Exploiting Joomla via SQL

Conclusion

  • 29 - What's next

Related courses

Related learn paths

About us

LyndaKade is a leading learning platform that helps people learn business, software, technology, and creative skills to achieve personal and professional goals.

Phone numberAparat ChannelTelegram SupportTelegram ChannelInstagram Page

All rights to this site belong to LyndaKade.

Terms of Service|Privacy Policy

نماد الکترونیک enamad در صورت اتصال با آی‌پی داخل کشور، نمایش داده خواهد شد.
logo-samandehi - لوگو ساماندهی
zarinpal
zibal